Situational awareness – ‘seeing’ your security gaps

Use analytics to stay three or four steps ahead of cyber criminals

Cameron Jones, Principal Security Intelligence Consultant, SAS

Cyber threats. Cyber attacks. Cyber intrusions. No matter what you call it, the problem is the same. You need to stop cyber criminals from destroying profits and eroding the trust your customers have in your agency or financial institution. But stopping them can be difficult if you can’t see the possible entry points – the holes in your security.

Cyber criminals are always changing tactics – looking for opportunities you might have missed. So you have to view your agency or institution in the same way a possible intruder would.

Example: situational awareness

Let me use a little analogy here to show you what I mean: When you get home this evening, you lock the front and back doors. You feel pretty safe, right?

During the night, you hear someone walking around in your kitchen. How could he have gotten in? When you start looking around, you see that he opened an unlocked window and climbed in. And during your search, you find that you left the garage door open and you didn’t even lock the door from the garage into the house. Like cyber criminals, a would-be intruder will keep looking for a way to get in.

When you take a similar look at your security, what do you see? There are many, many possible entry points to protect – hundreds, even thousands of security systems and devices.

How many ‘windows’?

The number of attacks has been growing nearly as fast as the volume of data that you hold. To make matters worse, the agility and sophistication of the attackers are also increasing. Threats come from foreign nations, criminal groups, hackers, hacktivists, disgruntled insiders and terrorists.

According to a recent report by Longitude Research, the most damaging cyber attacks are from phishing, botnets and mobile malware. But there are many other avenues, including:

Denial of service

Exploitation

Logic bombs

Sniffers

Trojan horses

Viruses

Worms

Spyware

War-dialing

War-driving

Spamming

Spoofing

Pharming

Responding to the threat

It’s estimated that 99.6 percent of all email traffic directed to government mailboxes is spam or malicious messages.

Longitude Research polled 250 financial institutions to learn more about their cybersecurity challenges. It’s alarming that less than one in four believe that their bank’s internal resources are “highly” prepared for a cyber attack. (Read the entire report.)

In the past, financial services organizations and government agencies have looked at cybersecurity as an IT problem. Today we know that we have to look at it as a risk management problem. So we have to shift our focus and look to our data for trends and patterns. You need a tool that can correlate data, provide analysis and warning capabilities and improve situational awareness.

Ninety percent of federal agencies and 99 of the top 100 banks use an analytics solution – SAS Analytics – for mission-critical operations and activities. And the statistical analysis and modeling used for fraud detection, financial management and human resources can be used for cybersecurity.

SAS for cybersecurity analyzes activities; uncovers vulnerabilities, threats and patterns; reveals trends and predicts future threats and attacks so you can take proactive measures to protect your data and networks.

For instance, a US military cyber defense organization is using SAS Analytics as part of a situational awareness system. The system lets analysts respond immediately to threats and more proactively defend the organization’s networks.

With analytics, you can look three or four moves ahead – find the doors and windows before the attacker does. As Kagan says, it’s time to “stop playing checkers and start playing chess.”
